The greatest financial losses from cybersecurity breaches, the top 5 cyber intrusion methods, all have one (1) thing in common. The number 1 issue is we don’t keep our email secure and we lack common sense.

Plus email is based on an ancient protocol that was never designed for security. (facepalm)

/snark/ No way! TLS is only responding on 587!? Nobody will ever figure that out. /end-snark/

In short – I can barely find the humor in this. The problem is – you, me, and all of us. Grifters are part of life. We have to adapt.

So this was OUR day. Honestly, pretty typical. Graphed. And this is filtered for noise already (excludes honeypot and silly scans, but includes most of the rest.)

From the second article on the Equifax breach linked above, this portion really galls me:

… not only are none of the last names tied to your Social Security number, but there’s no way to tell if you were really impacted.

It’s clear Equifax’s goal isn’t to protect the consumer or bring them vital information. It’s to get you to sign up for its revenue-generating product TrustID.

Earlier it was revealed executives had sold stock in the company before going public with the leak. We also found TrustID’s Terms of Service to be disturbing. The wording is such that anyone signing up for the product is barred from suing the company after.

The following phrase alone, if true, combined with Equifax literally trying to monetize their security errors, is what gives capitalism a bad name:

The wording is such that anyone signing up for the product is barred from suing the company after.

I have to believe the Equifax PR team is working for PharmaBro or Putin trying to make them look good in comparison.

Note: Equifax has changed the indemnification, but only under duress imho. Furthermore 30 days free credit monitoring by the company that released your data and then you will have to pay monthly still seems wrong. But to be fair, here is their update:

Questions continue to be raised about the arbitration clause and class action waiver language that was originally in the terms of use for the free credit file monitoring and identity theft protection products that we are offering called TrustedID Premier.
(Editor: well ya, duh!?)

We have removed that language from the TrustedID Premier Terms of Use and it will not apply to the free products offered in response to the cybersecurity incident or for claims related to the cybersecurity incident itself. The arbitration language will not apply to any consumer who signed up before the language was removed.
(Editor: but did you fire the person who did it in the first place?)

I get it. Nothing is secure. If the NSA’s hacking tools get stolen and OPM loses all of the data on security clearance checks on our own people, then truly nothing is safe. I get it.

What I do not understand is a company as large as Equifax not being prepared for something like this. That Equifax did not announce it promptly. That Equifax executives sold stock before announcing it. That Equifax then attempted to indemnify themselves. That Equifax is using the crisis to sell a monitoring service that you have to pay for after 30 days. A service to monitor YOUR data that THEY lost control of!

The Internet was not built for e-commerce – it was built for knowledge sharing in a “walled garden”. Therefore keeping sites secure is not possible. Any security professional will tell you best practice is to white-list good guys (selective inclusion) as opposed to trying to find every attack and block it. Therefore the difficulty at a high level is primarily in identifying and blocking bad actors.

I hate to say it folks, but we are playing whack-a-mole with your identity and money. It will always be an uphill battle to maintain security on the Internet and you will never ever be 100% safe.

The burden of communication is on the communicator; not the recipient.

Therefore proper email etiquette is to use strong subject lines, links, numbered lists and reasonably short paragraphs. Use these guidelines on how to write a decent email that might actually produce results.

Every time an email is sent with a bad subject line, a baby seal dies. This is sad. Save the baby seals! Use good subject lines!

Links – ease of use changes behavior.

Ease of use changes behavior. Without links people will NOT click through to see the work that has been done.

It is rare that an email goes out that is truly not about SOMETHING that should be linked. Yes exceptions occur, but they are rare exceptions.

It is not your coworker’s responsibility to overcome your unwillingness to copy/paste a link from a site you are probably looking at when you sent the email!

Every time an email is sent without a link, a baby seal dies. This is sad. Save the baby seals! Use links!

Numbered Lists – organize the information

Bulleted lists are evil because they do NOT convey priority by the sender. Yet the recipient invariably starts at the top assuming this is in fact the top priority.

The value of forcing yourself to use numbered lists is that the sender (you) must organize your thoughts before confusing everyone else. It has been my experience that most people do not “order” bulleted lists but numbering makes them think about it.

Raise your hand if you like numbered lists! Now raise your other hand so things balance out. Or to put it another way – be kind to people who need this structure. It benefits you if people understand your message. Embrace diversity including “diversity of types of thinkers.” Structure and prioritize your content.

Speed readers tend to read the first sentence of a paragraph and use that to make a decision if they should bother reading the rest. Shorter paragraphs mean more of your message is consumed regardless.

They force you to organize your thoughts before wasting everyone else’s time!

Don’t use Nickel words – save them for Scrabble

To repeat – the burden of communication is on the communicator, including in email, not the recipient. While it is possible to write in tongues, this needlessly reduces comprehension.

But don’t oversimplify an email as that just makes it more confusing. Just make it as simple as possible and no simpler.

We all value our time. You do. I do. Everyone does. So it frequently seems expedient to send an email quickly without thought. The problem is the person receiving these emails might be receiving 500 emails a day and there is no way to Get Things Done without more data.

For example, assume that your not writing a decent subject line costs each recipient 1 extra minute of time to comprehend (if they give you this minute). Then an email that saved you 1 minute just cost a company of 30 people 29 minutes of billable time. This is very real money. And these are very real emotions on the part of the recipient.

Don’t be mean; take the time to write decent emails.

[Note: this was an internal company help file for years, I probably wrote it around 2002 or 2003. This is just me reposting it for public consumption.]

caller: so basically that’s it. my brother-in-law said he could build it for $225 dollars but I wanted to call around and get a few options to see if I could reduce the cost. He’s not very good actually.

Thoughts going through your head as the dev:

developer (option 1): so you have a job board and you want to enhance a few features of monster.com to allow for a commission and affiliate structure?

developer (option 2): so you have a great e-commerce idea, have been reviewing amazon.com and found a few ways to improve on their theories to sell widgets?

developer (option 3): so you want to have a self sustaining site that makes you money with no effort invested while you work at your current job realizing the money-for-nothing potential advertised on TV?

After spending a lot of time falling asleep at the library while facing the philosophy books, I determined that the concept of destiny is a construct that allows man a gentle release from facing the terror of his existence, and that…

In the process of explaining SEO (search engine optimization) over the years I frequently demonstrate that if you Google “God in Houston” the top results are not churches. Now I’m not talking about the local results that show the churches, but the actual search results below that that lists KSBJ as the top result for “God in Houston” when searched on Google. And the only paid search result is for “Houston Gold” – like the shiny stuff you make jewelry out of. Here is a screen shot:

Note the title is “Second Baptist Church, Houston, TX.” Thus they will likely rank for “Churches in Houston” but not for “God in Houston.” A simple fix would be to update the title to “Second Baptist Church, Serving God in Houston TX”.

I mention this because exactness of speech matters. It means that some of our largest churches have zero (0) possibility of being returned if a downtrodden person googles for them in the middle of the night. It means missed connections when a bible study group at a particular church might be the perfect connection for a fellow Houstonian. But we will never know because of a failure of exactness of speech.

On the flip side, a tip of the hat to Braeswood Assembly of God church which comes up for both the physical location and second natural ranking after KSBJ in the search results. And all because they mention the word “God” in their title.

So be specific. Be exact. And I’ll leave it to you to search for the ministers’ names – they rank a bit higher than God.

“So much seems possible at the beginning of a trip, so many things seem brimmed with meaning.” pg 5

“…trickster is a boundary-crosser. Every group has its edge, its sense of in and out, and trickster is always there, at the gates of the city and the gates of life, making sure there is commerce.” Trickster, pg 7

And some fakester parodies are richly deserved like rahodeb of Whole Foods (In)Fame(ity).

Motivations for fakester accounts based on famous people might include a desire for attention, satire, performance art, hatred of what a person represents, desire to be in on a “secret”, or admission into a Goffmanesque “back room” to blatant monetary goals. But there is a motivation of some kind that piggy-backs on top of someone else’s fame. Every invention of a new namespace opens up opportunities for these reputation barnacles.

But there is a different type of “fake account” in the form of a completely made up person or object. A persona. And this type of fakester account is lumped in with the impersonators, and this is a mistake. I submit they are entirely different.

In disparaging terms, these are called “sock puppets.” Wikipedia clarifies:

“The key difference between a sock puppet and a regular pseudonym (sometimes termed an “alt” which is short for alternate, as in alternate identity) is the pretense that the puppet is a third party who is not affiliated with the puppeteer.”

My problem with the “sock puppet” term is that the pejorative nature overrides the trickster legitimacy and social commentary conveyed. Hence I suggest a new term for those that have passed a social acceptance threshold within the community. For lack of a better word I’ll call these characters Avasters.

Avasters – a character created by a person or persons that is not based on a specific person living or dead. An invented character that acts and behaves with a unique personality. And earns the right to be considered a “person” within the community.

"A salient is a protrusion in a geometric figure, a line of battle, or an expanding weather front. As technological systems expand, reverse salients develop. Reverse salients are components in the system that have fallen behind or are out of phase with the others"

A reverse salient simply means that through no particular action, there is a huge demand for a particular invention. There is a portion that is out of phase. Identify and solve it. Fun stuff.

Yes slashdot (also shortened to /. ) is alpha geek focused. But it is a definite lead in to NYT and the Post. So it is worth the time if you are interested in politics. One last note – if you are not used to the slashdot site, flaming is …er… somewhat normal behavior.

BarackObama.com – with the social networking component at my.barackobama.com – is the best political web site I have seen yet. No, it does not focus on the corporate donor. But it sure as heck does focus on individuals who want to get involved in his campaign.

I know very little about this candidate. I do know from a geek perspective that he just made a very bold move.